On Fri, Mar 22, 2019 at 10:29 AM Nico Williams <nico.willi...@twosigma.com> wrote: > > On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote: > > * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work as > > it is intended to work. Means less code you have to maintain > > There's a few reasons: > > - NTLM doesn't have an OID, at least as I remember > > - the JDK's JGSS stuff is very Kerberos-specific, especially w/ regards > to the ServicePermission stuff > > IMO JAAS (and with it, *Permission) should be removed with prejudice now > that applet support has been removed. Perhaps stubs should be left > behind for compatibility reasons, and all the doAs*() methods should > just act as though permission is granted.
I assume that you mean SecurityManager and AccessController as well (which are not a part of JAAS AFAIK)? -- - DML
